Skip to main content
DO-178C Compliance for Indian Aerospace and Defence Software Teams, featured image

DO-178C Compliance for Indian Aerospace and Defence Software Teams

GSAS Editorial · · 5 min read

India’s aerospace and defence sector is in the midst of a historic transformation. The Make in India initiative, growing defence exports, and ambitious indigenous programmes like the Tejas Light Combat Aircraft, the Advanced Medium Combat Aircraft (AMCA), and a new generation of unmanned aerial vehicles are driving an unprecedented demand for safety-critical software engineering capability. At the centre of this capability sits one standard that every airborne software team must understand: DO-178C.

What Is DO-178C?

DO-178C, formally titled “Software Considerations in Airborne Systems and Equipment Certification”, is the internationally recognised guidance document for developing software that runs in airborne systems. Published by RTCA (Radio Technical Commission for Aeronautics) and its European counterpart EUROCAE, DO-178C is not a regulation itself but is referenced by certification authorities worldwide, including DGCA in India, the FAA in the United States, and EASA in Europe.

When a certification authority evaluates whether an aircraft system is safe to fly, DO-178C provides the framework for assessing whether the software within that system was developed with sufficient rigour. It applies to any software whose failure could affect the safety of the aircraft or its occupants, from flight control laws and engine management to navigation displays and communication systems.

Design Assurance Levels: A Through E

DO-178C defines five Design Assurance Levels (DALs), each corresponding to the severity of failure conditions:

DAL A, Catastrophic: Failure could cause a crash or loss of the aircraft. Examples include primary flight control software and fly-by-wire systems. This level demands the most rigorous development and verification processes, including modified condition/decision coverage (MC/DC) testing. DAL B, Hazardous: Failure could cause serious injury or significant reduction in safety margins. Examples include autopilot systems and certain engine controllers. Requires decision coverage and extensive independence between development and verification activities. DAL C, Major: Failure causes significant increase in crew workload or discomfort to occupants. Examples include some navigation and communication systems. Requires statement coverage and structured testing. DAL D, Minor: Failure causes slight increase in crew workload. Requires a defined development process but with reduced verification intensity compared to higher levels. DAL E, No Effect: Failure has no impact on aircraft safety. No DO-178C objectives apply.

The higher the DAL, the more objectives must be satisfied, the more evidence must be produced, and the greater the independence required between the person who writes the code and the person who verifies it.

Why Indian Aerospace Teams Must Master DO-178C

India’s defence software ecosystem, anchored by national aerospace and defence research organisations alongside private-sector aerospace contractors, is rapidly expanding its indigenous software development capability.

Several factors make DO-178C proficiency urgent:

Indigenous combat aircraft programmes. The Tejas Mk2 and AMCA programmes require flight-critical software developed to DAL A and DAL B standards. As India moves from licence-manufactured platforms to fully indigenous designs, the software certification burden shifts entirely to Indian engineering teams. Defence export ambitions. India is actively pursuing defence exports, the Tejas to markets in Southeast Asia and the Middle East, helicopters, and radar systems. Export customers and their certification authorities will demand DO-178C compliance evidence. Without it, software becomes a barrier to market access. Unmanned systems. India’s military and civil drone programmes are accelerating. As unmanned aircraft operate in increasingly complex airspace, certification requirements tighten. DO-178C compliance for autonomous flight software is becoming a baseline expectation. Private sector entry. Under Make in India, private aerospace companies are entering defence manufacturing and software development. These organisations need to build DO-178C capability from scratch, and they need efficient toolchains to do so without the multi-year learning curve that traditional approaches entail.

How Static Analysis Accelerates DO-178C Compliance

DO-178C objectives related to software verification are among the most resource-intensive aspects of compliance. Verification can consume 50-70% of total project effort at DAL A. Static analysis directly reduces this burden in several ways:

Coding standards enforcement. DO-178C recommends the use of coding standards to prevent error-prone constructs. MISRA C and MISRA C++ are the most widely adopted standards in aerospace C/C++ development. Tools like Helix QAC, the MISRA reference implementation, enforce these rules automatically and generate the compliance documentation that certification authorities expect. Structural coverage supplementation. While DO-178C requires dynamic testing for structural coverage, static analysis identifies dead code, unreachable branches, and deactivated code that could otherwise confuse coverage metrics and waste testing effort. Defect detection on verification-resistant code. Some code paths, particularly error handlers and fault-recovery logic, are difficult to exercise through testing. Static analysis examines these paths without requiring test stimuli, catching null pointer dereferences, buffer overflows, and data-flow anomalies that testing might miss. Traceability and evidence. Certification requires extensive documentation linking requirements to code to tests to results. Modern static analysis tools produce structured reports that integrate into requirements management and ALM workflows, reducing the manual documentation effort.

The GSAS Safety Toolchain for DO-178C

GSAS MicroSystems provides Indian aerospace and defence teams with a curated, integrated toolchain designed for DO-178C compliance:

Perforce Klocwork with DO-178C Qualification Kit: Klocwork’s static analysis engine detects critical defects across C and C++ codebases, while its DO-178C qualification kit provides the Tool Qualification Data (TQD) that certification authorities require under DO-330 (the tool qualification supplement to DO-178C). This means teams can use Klocwork’s results as verification evidence without additional tool qualification effort. Perforce Helix QAC with TUV SUD Certification: For teams requiring the deepest MISRA compliance and independent tool certification, Helix QAC’s TUV SUD certificate provides third-party assurance that the tool is suitable for use in safety-critical development. Its message documentation maps every diagnostic directly to the relevant MISRA rule, simplifying auditor review. Arm Compiler for Embedded, Functional Safety (FuSa) Variant: The Arm FuSa compiler is qualified for safety-critical development under ISO 26262 and IEC 61508, with processes aligned to DO-178C expectations. For teams targeting Arm Cortex-R and Cortex-M processors, which are widely used in avionics and mission systems, this provides a certified compilation path from source to object code. Razorcat TESSY for Unit and Integration Testing: TESSY automates unit testing and structural coverage measurement for C and C++ code, producing the MC/DC, decision, and statement coverage evidence that DO-178C requires at each DAL. Its integration with Helix QAC creates a closed-loop workflow: static analysis identifies risks, TESSY verifies them dynamically, and both tools generate the traceability evidence that certification demands.

Getting Started with DO-178C Tooling

Building DO-178C capability is a multi-year investment, but the toolchain decision is one of the earliest and most consequential choices a programme makes. The wrong tools create rework; the right tools accelerate every phase from coding through certification.

Planning a DO-178C programme or upgrading your existing toolchain? Contact GSAS MicroSystems to request a DO-178C toolchain evaluation. Our aerospace domain specialists will assess your programme’s DAL requirements, codebase characteristics, and workflow constraints, and recommend a toolchain configuration that minimises your path to certification.

Interested in Perforce tools?

Talk to our application engineers for personalized tool recommendations.

Stay in the Loop

Get monthly compliance updates, product insights, and engineering best practices delivered to your inbox.